Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SafeNet Agent for Microsoft IIS

Installing SafeNet Agent for Microsoft IIS

search

Please Note:

Installing SafeNet Agent for Microsoft IIS

Note

Administrative rights to the Windows system are required when installing, migrating, upgrading, configuring, and uninstalling SafeNet Agent for Microsoft IIS.

To install SafeNet Agent for Microsoft IIS:

  1. Log on to the Microsoft IIS web server as a user with administrative privileges.

  2. Locate and execute the following installation package: SafeNet Agent for Microsoft IIS.exe

  3. On the Welcome to the InstallShield Wizard for SafeNet Agent for Microsoft IIS window, click Next.

    alt_text

  4. On the License Agreement window, read the software license agreement, select I accept the terms in the license agreement, and click Next.

    alt_text

  5. On the Authentication Server Pairing window, select SAS PCE/SPE from the Authentication Server types and click Next.

    alt_text

  6. On the Customer Information window, enter User Name and Organization and click Next.

    alt_text

    Note

    To determine who will have access to the application, select one of the following: Anyone who uses this computer (all users) or Only for me (Windows User).

  7. On the Destination Folder window, select one of the following options:

    • To change the installation folder, click Change, navigate to the required folder, and then click Next.

    • To accept the default installation folder as displayed, click Next.

    alt_text

  8. On the Ready to Install the Program window, click Install.

    alt_text

  9. Once the installation is completed, the InstallShield Wizard Completed window displays. Click Finish to exit the wizard.

    alt_text

Configuring Internet Information Services

SafeNet Agent for Microsoft IIS requires that Terminal Services Web be configured to use Basic Authentication or Windows Authentication. Prior to enabling SafeNet Agent for Microsoft IIS, the following steps must be performed.

Activating basic authentication

To prevent superfluous prompts for credentials when logging in, set the web pages to Basic Authentication.

  1. Launch the IIS Manager from Administrative Tools.

  2. Navigate to Computer Name > Sites > Default Web Site.

  3. In the IIS section of the Features View pane, select Authentication.

  4. Enable Basic Authentication and ensure that all other authentication types are disabled.

Configuring Terminal Services Web for basic authentication

  1. Launch the IIS Manager from Administrative Tools.

  2. Click Computer Name > Sites > Default Web Site.

  3. Select TS.

  4. In the IIS section of the Features View pane, select Authentication.

    1. Disable Windows Authentication.

    2. Enable Basic Authentication.

  5. At the Edit Basic Authentication Settings window, enter a default domain (or leave it blank) in the Default domain field. Users who do not provide a domain when they log on to your site are authenticated against this domain.

  6. In the Realm text box, enter a realm (or leave it blank). Usually, you can use the same value for the realm name that was used for the default domain.

    Caution

    If you enter the default domain name in the Realm text box, your internal Microsoft Windows domain name may be exposed to external users during the user name and password challenge.

  7. Click OK to save your changes.

Activating Windows authentication

To prevent superfluous prompts for credentials when logging in, set the web pages to Windows Authentication.

  1. Launch the IIS Manager from Administrative Tools.

  2. Navigate to Computer Name > Sites > Default Web Site.

  3. In the IIS section of the Features View pane, select Authentication.

  4. Enable Windows Authentication and ensure that all other authentication types are disabled.

Configuring Terminal Services Web for Windows authentication

  1. Launch the IIS Manager from Administrative Tools.

  2. Click Computer Name > Sites > Default Web Site.

  3. Select TS.

  4. In the IIS section of the Features View pane, select Authentication.

  5. Enable Windows Authentication and ensure that all other authentication types are disabled.

Enabling the agent

The following procedure describes how to enforce SafeNet authentication during logon to Terminal Services Web. For more information about each setting, see Configuring SafeNet Agent for Microsoft IIS.

  1. Click Start > All Programs > SafeNet > Agents > IIS Agent Configuration Tool.

  2. On the Policy tab, under All Web Sites, select Default Web Site.

    1. Under Protected Applications, select the websites that you want to protect.

    2. Select Enable Agent and any additional settings, if required.

  3. Click the Communications tab. Verify that the Authentication Server Settings reflect the location of the SafeNet server.

  4. Verify that all other tabs meet your requirements.

  5. Apply the settings. The IIS server will restart for the settings to take effect.

Uninstalling the agent

Note

Administrative rights to the Windows system are required when installing, migrating, configuring, and uninstalling SafeNet Agent for Microsoft IIS.

To uninstall SafeNet Agent for Microsoft IIS:

  1. Navigate to Start > Control Panel > Programs and Features.

  2. Select SafeNet Agent for Microsoft IIS.

  3. Click Uninstall.

Configuring Transport Layer Security

To configure TLS 1.2 support on SafeNet Agent for Microsoft IIS, set the registry as follows:

  • HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    DisabledByDefault => 0x0

Note

The agent will always connect with the highest enabled protocol.

On this page